An inspector general assigned to inspect and diagnosis the abysmal security at the space agency has just revealed [PDF] that NASA lost the control codes to the International Space Station, along with what sounds like a good portion of NASA's other secrets.

"Ahh... how do I say this. Er. I lost the keys to mankind's only active space station. No, really."
[Image Source: NASA]

The only good news is that the station itself used secondary encryption meaning that whoever stole the control codes would be unable to gain full command, unless they also managed to get ahold of that code, as the station only accepts commands encoded with that day's encryption. Still the data loss is an embarrassing highlight in a lengthy report detailing NASA's failing information technology efforts.

Thefts of NASA employees' laptops and mobile devices began in April 2009 and continued until April 2011. In all about 48 devices were stolen, before NASA tightened security. Or actually, says NASA Inspector General Paul K. Martin the number could be higher, as NASA relies on employees to report the theft of work devices.

Apparently information technology-wise, NASA is operating as if the year was 1969 -- the year NASA triumphantly landed on the moon. A lot of things have changed since then in the world of computing, but NASA's IT department appears to be a little bit behind the times.

Mr. Martin describes that as of February 1 only about 1 percent of NASA laptops are encrypted, despite carrying a host of state secrets – third-party contractors' intellectual property, spaceship designs, control codes, and even astronauts' personal information.

Do you know how to patch your computer? If so, you're a step ahead of the glowing minds in NASA's IT department. [Image Source: Microsoft]

While the agency is mandated to patch its machines under national security guidelines, the agency's chief information officer apparently "has limited ability" to accomplish the process, as NASA appears to lack any sort of coherent device management. And of course, NASA employees appear to be either not authorized to apply Windows Update/apt-get or are unaware of how to use these modern marvels.

II. Hostile Parties Revel in NASA's Incompetent Security

The net result is that everyone from amateurs up to seasoned foreign level actors appears to be victimizing NASA and its IT department. The worst incident described was the theft of the space station control codes, which were on an unencrypted laptop.

The IG didn't say exactly where that laptop might be today, leaving it unclear whether it even knows. Nor did it say what become of the other devices which contained employee (and astronaut) social security numbers, data on the Orion spacecraft design, data on the cancelled Constellation Program, "export-controlled, Personally Identifiable Information", and "third party intellectual property".

As for the ISS control codes, NASA engineers were forced to scrap parts of the station's software when they realized that security had been presumably completely compromised. As Mr. Martin puts it, there was "loss of the algorithms."

U.S. intelligence agents recently succeeded in arresting Razvan Manole Cernainu, handle "TinKode", who was among the reportedly numerous independent hackers who penetrated NASA's networks for fun and bragging rights. TinKode in 2011 hacked into Goddard Space Flight Center FTP server, posting screen grabs of confidential information from NASA's SERVIR disaster relief satellite effort. He would hack into NASA and other U.S. government agencies several more times, allegedly before he was caught. But not all the parties hacking into NASA's servers were attention-seeking young adults. Comments Mr. Martin, "These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives."

This has led to the occasional hollow complaint from government talking heads, but ultimately the U.S. has exercised measured meekness in accepting that it ultimately has no way of retaliating against the attacks. China holds a portion of the U.S. national debt, but more importantly, the majority of U.S. companies manufacture their products in China. To alienate China would be economic suicide.

III. An Epic Failure

But even in terms of the typical security-deficient U.S. government and equally challenged contractors, NASA's computer administrators appear to be setting a new standard in inability. Of course, as mentioned, part of this can be attributed to budget cuts and red tape placed upon the agency by Congress. But much of it comes back to the staff, if Mr. Martin's testimony is to be believed.

NASA officials had previously admitted that U.S. satellites were hacked in 2007 and 2008 by unknown, likely national-level players. China was mentioned as a prime suspect. But the loss of the codebook to controlling the ISS is a far more embarrassing low for the agency.

His comments seem to hint that it might be time for the CIO to go. And he says that it's vital for NASA to adopt mass encryption. He comments, "Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft."

The IG said NASA must encrypt or it will be embarassed again.
[Image Source: How Stuff Works]

Just to the 5 to 10 year thing, we went from crude, German-copied rockets to the most powerful launcher yet devised by man, the Saturn V, in 9 years (1958 Redstone entered service, 1967 Saturn V), and landed men on the moon with technology less advanced then what can be found in a common digital watch these days.

If we wanted to set foot on Mars within 10 years, it'd be primarily a matter of will, not technology nor money. The trip requires either insane amounts of provisions, or nuclear thermal rockets. Those we've had operational since the 60s. Definitely not a money issue; NASA is a rounding error in the federal budget compared to social spending outlays. So really, it just comes down to this: America has no balls any more. We traded them to China, in return for them buying our debt, so we can fund our ponzi scheme a little bit longer.

We know a lot more today than we did back then. It's not that easy to send someone to mars. For example, you need protection from solar radiation even when going to the Moon, imagine Mars. There are things that we still haven't figured out how to do before going to Mars. Besides, sending someone there implies they need to get back somehow (Though I'd venture that anyone going there is probably staying to colonize if that's at all possible).

That's true about solar radiation, partly why nuclear thermal rockets are such a good idea. The entire trip is done in a matter of weeks compared to months. That's much less time to be in the line of solar fire. If it weren't for radiation, we could use the same tech to mount longer trips even further afield. With some warning, they could use a shielded compartment, at least briefly.. But, just like the Apollo era astronauts, they'd need to know they may not make it back. I'd roll that dice.

Not sure what else there is, though. We've landed men on other large bodies before, had them walk around, take back off again, return to an orbiting partner vehicle, then return to Earth. It's the moon, writ large, with an atmosphere to also enter and exit.

Give them the money, license to hire who I need and license to tell environmentalists to STFU and 10 years. It'd get done.